Apple's March 2012 sandbox rule angers developers

November 5, 2011 by Nancy Owano in Technology / Software

Apple has finally issued its directive toward developers after a stalled November date. As of March 2012 Mac apps submitted to the Mac App store will have to abide by sandboxing requirements. While developers knew it was coming all along and accept the security benefits of sandboxing, angry comments this week indicate Apple may get a pile of complaints rather than Valentines from developers before March rolls around.

In addition to new apps, developers will have to change their existing Mac App Store apps to a sandbox rendering if they want to post an update. The rules will apply on apps offered through the Mac App Store.

For Apple, the sandboxing edict is all about Mac security. The vast majority of Mac users have been free from malware and were working on technologies to help keep it that way, said Apple in its announcement.

Sandboxing refers to partitioning off an area whereby any resource operation deemed risky cannot be accessed. A sandbox is a restricted environment that bars access to unauthorized resources. Proponents say that sandboxing addresses the risk of malware; it is a sound way to protect systems. Limiting the resources that apps can access is a good thing, in the battle against malware.

Among the developer feedback this week were notes that developers working on simple apps are not likely to find the new rules painful but the rub might be felt by developers set to do work on a bigger scale. Some developers are bristling at the very thought of having to stifle their tendencies to think outside the sandbox."

One of the comments posted is from developer Pauli Olavi Ojala, who says it's the extensible platform that makes it possible for third parties to create what other developers may never think of. Innovation can't happen, he says, in an environment where everyone is only doing what's expected.

Under Apple's upcoming sandboxing system, apps will be able to request "entitlements" to what they can access but Apple will then decide whether the requested entitlements are appropriate.

Surprisingly, numerous comments have been posted on Slashdot that think Apple's March edict is more sensible than draconian. "Common-sense security is being applied: No app should have permissions to do something it can't show good need for," was how one comment phrased it, and it reflects similar reactions, on how sandboxing is the right way to make computers more secure.

There were also stoic reactions on some sites, with acceptance that Apple is a force not to be reckoned with for any developer seeking a lucrative distribution path.

Which developer stance will resonate loudest come March is not yet clear. On one side, developers are confident that Apple is making a reasonable move out of security concerns and the move will not hinder them in the long run. On the other side is a stinging suspicion that Apple wants a sandbox environment so that Apple can exercise great control and lock down desktop content.

Almost as if technologist Tim Bray could see the future, he wrote this in 2008: "I dont want to write code for a platform where theres someone else who gets to decide whether I get to play and what Im allowed to sell, and who can flip my youre-out-of-business-switch any time it furthers their business goals."